WDK Docs

Privacy & Security Operations

Public-facing operational guidance for running WDK + USDT0 integrations safely in production.

⌘KCommand-palette first navJump:Quickstart API Errors Migration Security

Security Operations Baseline

Minimize stored payment metadata; never persist raw private keys or seed material.
Store only necessary authorization artifacts (hash/nonce/expiry/audit refs) with strict retention.
Redact wallet addresses and signatures in logs where full values are not required for debugging.
Enforce replay protections (nonce, expiry, idempotency) before settlement execution.
Separate signer, policy, and settlement responsibilities to reduce blast radius.
Run monthly upstream WDK conformance reviews and publish validated_at / validated_by metadata.

Data classification: public-chain data vs sensitive app metadata vs user profile data.
PII minimization in telemetry and support tooling.
Retention windows documented per data class (events, receipts, audit logs).
Deletion workflow for tenant-scoped metadata where legally required.
Cross-border data handling and subprocessors review for hosted components.
Incident response path for key-custody or signing-boundary anomalies.

Exact upstream WDK API surface mapping table is complete and reviewed.
Claims review passed (no unsupported “first/native/official” language).
Version pinning matrix published for WDK version, chains, auth modes, and known constraints.
Security checklist attached to settlement strategy PRs with named reviewers.